<?php
 /******************************************************************************
 *   GunCMS is an avid supporter of open source software. This is the appropriate 
 *   option if you are creating an open source application with a license 
 *   compatible with the GNU GPL license v3.
 *   For details http://www.gnu.org/licenses/gpl.html
 *   DO NOT USE FOR COMMERCIAL WITHOUT PERMISSION
 *
 * GunCMS Version 1.0.3
 * Copyright(c) 2009-2010, T & L GdbR
 * info@guncms.de
 * 
 * http://www.guncms.de
 ********************************************************************************/
class BgcmsUserBean {
	
	  public function __construct() {
	  //
	  }
		
	  public function __destruct() {
		//
	  }
	
    public static function get_user_by_name($db, $uname) {
    	$strSQL = sprintf("SELECT * FROM " . TBL_USER . " WHERE user_name='$uname'");
    	return $db->get_row($strSQL);
    }
    
    public static function get_user_by_id($db, $id) {
    	$strSQL = sprintf("SELECT * FROM %1\$s WHERE user_id='$id'", TBL_USER);
    	return $db->get_row($strSQL);
    }
    
    public static function delete_user_by_id($db, $id) {
    	$strSQL = sprintf("DELETE FROM %1\$s " .
    			"WHERE user_id='$id'", TBL_USER);
    	$res = $db->query($strSQL) > 0;
    	return $res;
    }
    
    public static function existed_user_by_id($db, $id) {
    	$strSQL = sprintf("SELECT count(%1\$s.user_id) FROM %1\$s WHERE user_id='$id'", TBL_USER);
    	$count = $db->get_var($strSQL);
    	return ($count > 0);
    }
    
    public static function existed_user_by_name($db, $name) {
    	$strSQL = sprintf("SELECT count(%1\$s.user_id) FROM %1\$s WHERE user_name='$name'", TBL_USER);
    	$count = $db->get_var($strSQL);
    	return ($count > 0);
    }
    
    public static function save_user($db, $info) {
    	$strSQL = sprintf("INSERT INTO %s " .
    			"(user_name, user_firstname, user_lastname, user_password, user_email, " .
    			"is_admin, user_registered) " .
    			"VALUES ('%s', '%s', '%s', '%s', '%s', %s, now())", 
    			TBL_USER,
    			mysql_real_escape_string($info['user_name']),
    			mysql_real_escape_string($info['user_firstname']),
    			mysql_real_escape_string($info['user_lastname']),
    			crypt(mysql_real_escape_string($info['user_password']), '$gcms$'),
    			mysql_real_escape_string($info['user_email']),
    			(mysql_real_escape_string($info['is_admin']) != "1" ? "0" : "1"));
    	$res = $db->query($strSQL);
    	if($res == true) {
    		return $db->insert_id;
    	} else
    		return -1;
    }
    
    public static function update_user($db, $info,$set) {
    	$objUser = BgcmsUserBean::get_user_by_id($db, $info['user_id']);
    	$isChangePass = ($objUser->user_password != $info['user_password']);
    	if($set != 'myprofile'){
			if(!isset($info['is_admin'])){
				$info['is_admin'] = 0;
			}
			$data = "is_admin = '".$info['is_admin']."',";
			$post = ($info['is_admin'] != "1" ? "0" : "1");
		}else{
			if(isset($info['is_admin'])){
				$data = "is_admin = '".$info['is_admin']."',";
				$post = ($info['is_admin'] != "1" ? "0" : "1");
			}
		}
    	$sql = sprintf("UPDATE %s SET " .
    			($isChangePass?"user_password = '%s', ": '%s') .
				"$data " .
    			"user_firstname = '%s', " .
    			"user_lastname = '%s', " .
    			"user_email = '%s' " .
    			"WHERE user_id=" . $info['user_id'], TBL_USER,
    			($isChangePass?crypt($info['user_password'], $info['user_name']):''),
    			$info['user_firstname'],$info['user_lastname'],$info['user_email']);
    	$res = $db->query($sql) >= 0;

    	return $res;
    }
    
    public static function get_all_user($db) {
        $strSQL = sprintf("SELECT * FROM %s", TBL_USER);
        return $db->get_results($strSQL);
    }
    
    public static function get_all_user_paging($db,$paging,$path,$sort,$by) {
    	if($sort!="")
			$condsort = "ORDER BY u.".$sort." ".$by;
		else
			$condsort = "ORDER BY u.user_id ";
        $page = isset ( $_GET[$path]) ? intval ( $_GET[$path] ) : 1;
        $rows_per_page= $paging;
        $page_start = ( $page - 1 ) * $rows_per_page;
        $page_end = $page * $rows_per_page;
        $strSQL = "SELECT * FROM " . TBL_USER . " u $condsort LIMIT $page_start,$rows_per_page ";
        return $db->get_results($strSQL);
    }
    
    public static function count_all_user($db) {
        $strSQL = sprintf("SELECT COUNT(%1\$s.user_id) as total FROM %1\$s ", TBL_USER);
        $res = $db->get_row($strSQL);
		    return	$res->total;
    }
	public function check_email_address($email) {
    	// First, we check that there's one @ symbol, and that the lengths are right
    	if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    	// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    	return false;
    	}
    	// Split it into sections to make life easier
    	$email_array = explode("@", $email);
    	$local_array = explode(".", $email_array[0]);
   		for ($i = 0; $i < sizeof($local_array); $i++) {
   			if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
   			return false;
   			}
   		}
   		if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))  // Check if domain is IP. If not, it should be valid domain name
   		{
   			$domain_array = explode(".", $email_array[1]);
   			if (sizeof($domain_array) < 2) 
   			{
   			return false; // Not enough parts to domain
   			}
   			for ($i = 0; $i < sizeof($domain_array); $i++) 
   			{
   				if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) 
   				{
   				return false;
   				}
   			}
   		}
   		return true;
	}
	
	public function ExistsByEmail($db, $user_email) {
    	$sql = sprintf("SELECT * FROM ".TBL_USER." WHERE user_email='$user_email'");
    	return $db->get_row($sql);
    }
	
	public function updatePassword($db, $email, $pass)
    {
    	$sql = sprintf("UPDATE %s SET " .
    					"user_password 	 = '%s' " .
    					"WHERE user_email = '%s'", 
    					TBL_USER,
    					mysql_real_escape_string($pass),
    					mysql_real_escape_string($email));		
    	$res = $db->query($sql);
		return $res;
    }
}
?>
